Re: [v6ops] Scope of Unique Local IPv6 Unicast Addresses (Fwd: New Version Notification for draft-gont-6man-ipv6-ula-scope-00.txt)

[Mark Andrews <marka@isc.org>]

> On 8 Jan 2021, at 14:02, Mark Andrews <marka@isc.org> wrote:
> 
> 
> 
>> On 8 Jan 2021, at 13:54, Ted Lemon <mellon@fugue.com> wrote:
>> 
>> Right. That’s how you do it. And then what happens with the topology changes?  The random ids are no longer referring to the same links. Solving this problem adequately is way more work than it’s worth. The thrashing in the database would be brutal. 
> 
> You publish updated records.  If you are changing topology the addresses of the nodes are almost certainly changing anyway. Publishing new L-L SA records along with new ULA and GUA is minimal extra expense.

When you change topology the node will see new RAs and getaddrinfo() will filter out all the old addresses.  The node has a set of link identifiers for links it is attached to.  Remember machines don’t care about these names.  They are just ways to filter out the currently useful addresses.  Each node will maintain its own mapping from applicable names to sin6_scope_id which will be filled in by getaddrinfo() generated by the RAs it sees.

>>> On Jan 7, 2021, at 21:48, Mark Andrews <marka@isc.org> wrote:
>>> 
>>> 
>>> 
>>>> On 8 Jan 2021, at 13:04, Ted Lemon <mellon@fugue.com> wrote:
>>>> 
>>>>> On Jan 7, 2021, at 9:02 PM, Mark Andrews <marka@isc.org> wrote:
>>>>> The example names I used where using the individuals suffix (id.au) but the idea is to leverage the existing global DNS to provide uniqueness. 
>>>> 
>>>> That works pretty well for ULAs, but not for LLAs. For LLAs you need to identify the link, and that’s just not a simple thing to do, as I explained earlier.
>>> 
>>> Actually you haven’t explained.  You have stated.  You said it was hard.  Hard is not intractable.
>>> 
>>> If you are willing for a link to have multiple names just have reach router generate its own random 160 bit base32 encoded label for each interface, append the well know suffix and advertise it.  You will get multiple SA records for the same interface if there are multiple routers but that should not be a issue.  With 160 random bits the need to do collision detection is really non-existent.  We’ve resolved this for NSEC3 and DNS changes 15 years ago. This will scale into millions of router interfaces.
>>> 
>>> If you want to have a single link name then we need to define a protocol for the routers on the link to select one of the names.  This may end up being technology linked.  Router with smallest L-L address wins would be one solution to this.
>>> 
>>> Yes, I really do expect every machine to update its own addresses in the DNS.  We do know how to do that securely with SIG(0).
>>> 
>>> 
>>> -- 
>>> Mark Andrews, ISC
>>> 1 Seymour St., Dundas Valley, NSW 2117, Australia
>>> PHONE: +61 2 9871 4742              INTERNET: marka@isc.org
>>> 
> 
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742              INTERNET: marka@isc.org

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org